SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange

In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of in...

Full description

Saved in:
Bibliographic Details
Main Authors: Tsai, Pang-Wei, Risdianto, Aris Cahyadi, Choi, Meng Hui, Permal, Satis Kumar, Ling, Teck Chaw
Format: Article
Published: MDPI 2021
Subjects:
Online Access:http://eprints.um.edu.my/35028/
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.um.eprints.35028
record_format eprints
spelling my.um.eprints.350282022-09-08T01:20:49Z http://eprints.um.edu.my/35028/ SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange Tsai, Pang-Wei Risdianto, Aris Cahyadi Choi, Meng Hui Permal, Satis Kumar Ling, Teck Chaw QA Mathematics QA75 Electronic computers. Computer science In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers. MDPI 2021-07 Article PeerReviewed Tsai, Pang-Wei and Risdianto, Aris Cahyadi and Choi, Meng Hui and Permal, Satis Kumar and Ling, Teck Chaw (2021) SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange. Future Internet, 13 (7). ISSN 1999-5903, DOI https://doi.org/10.3390/fi13070171 <https://doi.org/10.3390/fi13070171>. 10.3390/fi13070171
institution Universiti Malaya
building UM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaya
content_source UM Research Repository
url_provider http://eprints.um.edu.my/
topic QA Mathematics
QA75 Electronic computers. Computer science
spellingShingle QA Mathematics
QA75 Electronic computers. Computer science
Tsai, Pang-Wei
Risdianto, Aris Cahyadi
Choi, Meng Hui
Permal, Satis Kumar
Ling, Teck Chaw
SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
description In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers.
format Article
author Tsai, Pang-Wei
Risdianto, Aris Cahyadi
Choi, Meng Hui
Permal, Satis Kumar
Ling, Teck Chaw
author_facet Tsai, Pang-Wei
Risdianto, Aris Cahyadi
Choi, Meng Hui
Permal, Satis Kumar
Ling, Teck Chaw
author_sort Tsai, Pang-Wei
title SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
title_short SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
title_full SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
title_fullStr SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
title_full_unstemmed SD-BROV: An enhanced BGP hijacking protection with route validation in software-defined exchange
title_sort sd-brov: an enhanced bgp hijacking protection with route validation in software-defined exchange
publisher MDPI
publishDate 2021
url http://eprints.um.edu.my/35028/
_version_ 1744649203733233664
score 13.211869